## Policy
The compositor contains an API useful for defining policy rules. It contains
-the bare minimum and installs, by default, an allow-all kind of engine.
+the bare minimum and installs, by default, an allow-all kind of engine. A
+deny-all policy engine exists and can be switched to by using
+`-Dpolicy-default=deny-all` build time option.
+
+For instance, in order to configure the compositor with that policy one could
+issue:
+
+ $ meson -Dprefix=/path/to/where/to/install/compositor -Dpolicy-default=deny-all build_directory
Users wanting to create their own policy engine should create a specialized
version and use `struct ivi_policy_api` where they can install their own
`ivi_policy_api::policy_rule_try_event()` which is executed for each policy
rules currently added, by using the policy API `ivi_policy_add()`.
-Users can customize the hooks by using some sort of database to retrieve
-the application name to compare against, or incorporate some kind of policy
-rule engine.
+Users can customize the hooks by using some sort of database to retrieve the
+application name to compare against, or incorporate some kind of policy rule
+engine. Alternatively, one can use the deny-all policy engine which allows the
+top panel applications to be used/displayed as permitted applications.
### Policy rules
to activate or switch to other running (regular) applications. The client
is responsbile for filtering their own app_id when receiving application id.
- Note that other (regular) applications can bind to this interface and there is
- no mechanism to place to restrict or limit that.
+ The compositor will allow clients to bind to this interface only if the
+ policy engine allows it.
</description>
<enum name="app_role">
Code Review / src / agl-compositor.git / commitdiff